diff options
| author | Dirk Engling <erdgeist@erdgeist.org> | 2020-12-05 13:12:09 +0100 |
|---|---|---|
| committer | Dirk Engling <erdgeist@erdgeist.org> | 2020-12-05 13:12:09 +0100 |
| commit | 8e4cbe717397f38bd479a2dbe327adb5ae0baef8 (patch) | |
| tree | 0ded7f6be7f4184e5d1464ab6f41a86a10239c68 | |
| parent | 5b369d672e35d95740dd3d24f8d69ea08fb7741c (diff) | |
Make iv history session local
| -rw-r--r-- | receiver.cpp | 27 |
1 files changed, 14 insertions, 13 deletions
diff --git a/receiver.cpp b/receiver.cpp index 9e622d9..a3a0dc9 100644 --- a/receiver.cpp +++ b/receiver.cpp | |||
| @@ -131,6 +131,13 @@ public: | |||
| 131 | const uint8_t *payload = packet + GCM_IV_LENGTH + GCM_TAG_LENGTH; | 131 | const uint8_t *payload = packet + GCM_IV_LENGTH + GCM_TAG_LENGTH; |
| 132 | len -= GCM_IV_LENGTH + GCM_TAG_LENGTH; | 132 | len -= GCM_IV_LENGTH + GCM_TAG_LENGTH; |
| 133 | 133 | ||
| 134 | std::string ivs(packet, packet +GCM_IV_LENGTH); | ||
| 135 | if (_used_ivs.find(ivs) != _used_ivs.end()) { | ||
| 136 | std::cerr << "Error: Session " << std::hex << _session_id << " reused IV. Dropping packet" << std::endl; | ||
| 137 | return; | ||
| 138 | } | ||
| 139 | _used_ivs.insert(ivs); | ||
| 140 | |||
| 134 | // Create output file if it doesn't exist | 141 | // Create output file if it doesn't exist |
| 135 | if (_fd < 0) | 142 | if (_fd < 0) |
| 136 | _fd = ::open(_filename.c_str(), O_WRONLY | O_APPEND | O_CREAT, 0755); | 143 | _fd = ::open(_filename.c_str(), O_WRONLY | O_APPEND | O_CREAT, 0755); |
| @@ -168,16 +175,16 @@ public: | |||
| 168 | } | 175 | } |
| 169 | 176 | ||
| 170 | private: | 177 | private: |
| 171 | uint64_t _session_id; | 178 | uint64_t _session_id; |
| 172 | uint8_t _key[AES_KEY_LENGTH]; | 179 | uint8_t _key[AES_KEY_LENGTH]; |
| 173 | int _fd = -1; | 180 | int _fd = -1; |
| 174 | time_t _last_access = 0; | 181 | time_t _last_access = 0; |
| 175 | std::string _filename; | 182 | std::string _filename; |
| 176 | mbedtls_gcm_context _ctx; | 183 | std::set<std::string> _used_ivs; |
| 184 | mbedtls_gcm_context _ctx; | ||
| 177 | }; | 185 | }; |
| 178 | 186 | ||
| 179 | std::map<uint64_t, std::unique_ptr<Session>> g_sessions; | 187 | std::map<uint64_t, std::unique_ptr<Session>> g_sessions; |
| 180 | std::set<std::string> g_used_ivs; | ||
| 181 | 188 | ||
| 182 | static uint8_t hex2nyble(char c) | 189 | static uint8_t hex2nyble(char c) |
| 183 | { | 190 | { |
| @@ -286,12 +293,6 @@ int main() { | |||
| 286 | g_sessions[session_id] = std::make_unique<Session>(session_id, rsa_plain_text); | 293 | g_sessions[session_id] = std::make_unique<Session>(session_id, rsa_plain_text); |
| 287 | break; | 294 | break; |
| 288 | case 1: { | 295 | case 1: { |
| 289 | std::string sessid_iv(packet + 1, packet + 1 + SESSION_ID_LENGTH + GCM_IV_LENGTH); | ||
| 290 | if (g_used_ivs.find(sessid_iv) != g_used_ivs.end()) { | ||
| 291 | std::cerr << "Error: Session " << std::hex << session_id << " reused IV. Dropping packet" << std::endl; | ||
| 292 | break; | ||
| 293 | } | ||
| 294 | g_used_ivs.insert(sessid_iv); | ||
| 295 | if (session != g_sessions.end()) | 296 | if (session != g_sessions.end()) |
| 296 | session->second->write_log(packet + 1 + SESSION_ID_LENGTH, len - 1 - SESSION_ID_LENGTH); | 297 | session->second->write_log(packet + 1 + SESSION_ID_LENGTH, len - 1 - SESSION_ID_LENGTH); |
| 297 | else | 298 | else |